14 matches found

Positive Technologies
added 2026/05/25 12:00 a.m. | 10 views

PT-2026-42989

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice Template Render (Database-Backed). The manipulation of the argument customer_name results in cross...

CVSS 5.1 | AI score 4.2 | EPSS 0.00031
Exploits 0 | References 5
Github Security Blog
added 2026/05/08 10:22 p.m. | 4 views

Kimai has an arbitrary file read in its invoice PDF renderer (admin)

Summary: Users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles, whose writer calls...

CVSS 4.9 | AI score 5.8 | EPSS 0.00071
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/05/08 10:22 p.m. | 1 views

GHSA-H5FH-7HWR-97MW Kimai has an arbitrary file read in its invoice PDF renderer (admin)

Summary: Users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles, whose writer calls...

CVSS 4.1 | AI score 5.8 | EPSS 0.00071
Exploits 0 | References 4
NVD
added 2026/05/08 4:16 a.m. | 8 views

CVE-2026-44298

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxe...

CVSS 4.9 | EPSS 0.00071
Exploits 0 | References 2
ATTACKERKB
added 2026/05/08 3:32 a.m. | 4 views

CVE-2026-44298

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxe...

CVSS 4.1 | AI score 5.7 | EPSS 0.00071
Exploits 0 | References 3 | Affected Software 1
CVE
added 2026/05/08 3:32 a.m. | 4 views

CVE-2026-44298

The Kimai CVE-2026-44298 affects Kimai versions 2.32.0–2.55.x. It enables an admin user with upload_invoice_template permission to trigger pdfContext.setOption('associated_files', ...) during sandboxed Twig rendering, forwarding to mPDF2 SetAssociatedFiles() and allowing file_get_contents() on e...

CVSS 4.9 | AI score 5.7 | EPSS 0.00071
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/05/08 3:32 a.m. | 24 views

CVE-2026-44298 Kimai: Arbitrary file read in invoice PDF renderer (admin)

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxe...

CVSS 4.1 | EPSS 0.00071
Exploits 0 | References 2
Positive Technologies
added 2026/05/08 12:00 a.m. | 6 views

PT-2026-38651

Name of the Vulnerable Software and Affected Versions: Kimai versions 2.32.0 through 2.55.x. Description: Users with the System-Admin role (ROLE_SYSTE_ADMIN) and the upload_invoice_template permission can upload PDF invoice templates that execute pdfContext.setOption('associated_files', ...) within the...

CVSS 4.9 | AI score 5.8 | EPSS 0.00071
Exploits 0 | References 7
OSV
added 2026/04/14 1:06 a.m. | 1 views

GHSA-RH42-6RJ2-XWMC Kimai leaks API Token Hash via Invoice Twig Template

Summary: The Twig sandbox used for invoice templates blocks certain sensitive User methods (password, TOTP secret, etc.) via a blocklist in StrictPolicy::checkMethodAllowed. However, getApiToken and getPlainApiToken are not on the blocklist. An admin who creates an invoice template can embed calls t...

CVSS 2 | AI score 5.9
Exploits 0 | References 3
Cvelist
added 2026/02/18 10:49 p.m. | 24 views

CVE-2026-25548 InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning attack. An authenticated administrator can execute...

CVSS 9.1 | EPSS 0.00201
Exploits 2 | References 2
exploitpack
added 2017/04/07 12:00 a.m. | 10 views

Invoice Template - 'hash' SQL Injection

Exploit Title: Invoice Template v1.0 for PHPRunner/ASPRunnerPro/ASPRunner.NET - SQL Injection. Google Dork: N/A. Date: 07.04.2017. Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/invoice Demo:...

AI score 8.6
Exploits 0
Exploit DB
added 2017/04/07 12:00 a.m. | 33 views

Invoice Template - 'hash' SQL Injection

Exploit Title: Invoice Template v1.0 for PHPRunner/ASPRunnerPro/ASPRunner.NET - SQL Injection. Google Dork: N/A. Date: 07.04.2017. Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/invoice Demo: https://xlinesoft.com/livedemo/invoice/livedemo1/ Version: 1.0. Tested on: Win7 x64...

AI score 7.4
Exploits 0
0day.today
added 2017/04/07 12:00 a.m. | 31 views

Invoice Template - 'hash' Parameter SQL Injection Vulnerability

Exploit for PHP platform in category web applications. Exploit Title: Invoice Template v1.0 for PHPRunner/ASPRunnerPro/ASPRunner.NET - SQL Injection. Google Dork: N/A. Date: 07.04.2017. Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/invoice Demo:...

AI score 7.1
Exploits 0
Vulnerability Lab
added 2016/04/25 12:00 a.m. | 36 views

VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability

Document Title: VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1828 Release Date: 2016-04-25. Vulnerability Laboratory ID (VL-ID): 182...

AI score 7.4
Exploits 0